- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Heartbeat device(interface) down
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Heartbeat device(interface) down
Hi
I have a cluster that seams to works OK, but still i get these messages;
----------------------------------------------------
Message meets Alert condition
The following critical firewall event was detected: Critical Event.
date=2011-09-01 time=14:34:00 devname=SE-OSD-FGT-001 device_id=FGT60C3G10013303 log_id=0105037901 type=event subtype=ha pri=critical vd=" root" msg=" Heartbeat device(interface) down" ha_role=master hbdn_reason=neighbor-info-lost devintfname=dmz
Message meets Alert condition
The following critical firewall event was detected: Critical Event.
date=2011-09-01 time=14:34:00 devname=SE-OSD-FGT-001 device_id=FGT60C3G10013303 log_id=0105037901 type=event subtype=ha pri=critical vd=" root" msg=" Heartbeat device(interface) down" ha_role=master hbdn_reason=neighbor-info-lost devintfname=internal4
----------------------------------------------------
FGT60C-4.00-FW-build458-110627
HA settings looks like this on the " primary" :
config system ha
set group-id 7
set group-name " FGT-HA"
set mode a-p
<b> set hbdev " dmz" 100 " internal4" 50</b>
set override disable
set priority 150
set monitor " internal1" " internal2" " internal3" " wan2"
end
Any ideas?
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46 FROSON Mobile: +46 70 6009221
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46
FROSON Mobile: +46 70 6009221
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
from what it looks like the master has lost connectivity on both HA links simultaneously (' dmz' and ' internal4' ). Did you observe that the cluster has failed over?
As for the reason I can only guess...
- both physical connections have failed (i.e. were pulled) - quite unlikely
- the master unit failed completely
- FortiOS error
You' re running 4.3.1, which is daring IMO.
As long as you don' t find any other indication I' d bet on FortiOS failure. Some guesses:
Can you observe signs that CPU and/or memory usage is exceedingly high?
Did a signature update happen shortly before the HA failure?
If the master unit still is alive, is the HA info synched?
If the HA master has been demoted to slave now, you may reboot the unit without affecting the (live) network it is in. Depending on the HA settings it will fail over to master again after rebooting, or stay standby.
IMHO you have only chances to open a support case if the behaviour is repeatable.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
There is no failover involved, the diag sys top doesn´t show high cpu.
We get this issue say, 1-10 times each day.
no ticket created yet...
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46 FROSON Mobile: +46 70 6009221
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46
FROSON Mobile: +46 70 6009221
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, so the cluster just detects that HB packets were lost but the threshold is high enough to prevent a failover.
You can now
- enlarge the interval the cluster members will wait until they detect a HB packet loss
Ede
"Kernel panic: Aiee, killing interrupt handler!"
config system ha set hb-lost-threshold 6 set hb-interval 4 endThis increases the hb-interval from 200 ms to 400 ms. A total of 6 missed packets lead to a failover, so there' s a gap of 2.4 seconds until it triggers. - disable session-pickup if the unit is too busy. This will decrease the traffic load on the HA link substantially. That depends on the type of traffic you expect; if it' s mainly HTTP you can disable session pickup. - stop monitoring all other interfaces. The loss of the HA heartbeat will take care of a device failure. If you absolutely must monitor a link, choose just one; and traffic on it should not be too heavy. - downgrade to 4.2.x if available for the 60C. This is your weakest option IMHO. I assume that the HA link is made by a simple TP cable and not via a switch. Switches can sometimes stumble upon the ethernet type the HA traffic protocol uses.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi and thx for fast answers
I have done the hb-lost-threshold/hb-interval change, and also changed the number of interfaces monitored to only two, one per switch-teer (internal, internet) - so we can detect that external main internetswitch is lost and make a failover, and also if the internal main networkswitch is down.
Yes we have a crossed TP cable on the DMZ port for HA traffic
No we don´t use session pickup since the FG60C doesn´t have main CPU resources enough to use that. When we add session pickup we get 100% CPU usage when hitting the unit with >~100Mbps of traffic. When we disable session pickup then this issue is gone.
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46 FROSON Mobile: +46 70 6009221
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46
FROSON Mobile: +46 70 6009221
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi again
There is more and more evidence that points to some issue with logging - and all other issues is because of that.
miglogd runs at 25-50% cpu in average and makes all other tasks " high" - even login to WebGUI can be " down" for 15minutes some times.
commands like " show log ?" hangs cli
" ha-device-lost" is probably because there is no more CPU to run hatalk on.
if i tries to disable all logging and make a fresh restart - everthing works pretty nice for a while (days).
there is a ticket created with fortinet support, but... no
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46 FROSON Mobile: +46 70 6009221
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46
FROSON Mobile: +46 70 6009221
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Johan
i' ve the same exact problem, any news about Fortinet support feedback?
2 x FGT60B, 4.0MR1 patch 10
Thanks a lot
Bye
Gianf
Bye Gianf
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Johan,
I would stay away from MR3, its not stable at all, i have seen memory leaks, log issues etc... i have heard Patch 2 is out within weeks.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is it so hard to release something stable?
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46 FROSON Mobile: +46 70 6009221
Johan Lysen Consulting AB Johan Lysen, Johan@Lysen.nu Byvagen 87, 832 46
FROSON Mobile: +46 70 6009221
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have been asking the same for a long time,
a rule of thumb: stay one MR release behind the latest.
im on 4.2.8, and its very stable.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Related Posts
- How to create a HA cluster... 1415 Views
- put ha cluster in maintenance mode... 321 Views
- Fortigate HA Secondary device Fortiguard update 310 Views
- Fortinet Fiber Transeiver not showing UP 1115 Views
- User of crossover cables on FortiGate... 603 Views
Labels
-
FortiGate
6,534 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
Firewall policy
23 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.